Comments (5)
CardContact
commented on June 19, 2024
Looks like an issue with the Identiv driver.
There is no need to install the Identiv driver, as the token is natively supported by libccid.
Please uninstall the driver and try again.
from opensc.
senortestamarck
commented on June 19, 2024
Ok so I've removed the identiv driver, and it seems to be giving the same error. Ran with this command:
OPENSC_DEBUG=9 pkcs11-tool --module /usr/lib/pkcs11-spy.so --login --pin -k --id 01 --key-type EC:prime256v1
opensc: https://gist.github.com/senortestamarck/a5f84cecb6480f4496f503229e9f6391
pcscd: https://gist.github.com/senortestamarck/4ba82f8a38a3816925683baffb59d8b7
spy: https://gist.github.com/senortestamarck/eb79f1cedecafd80118f1a74b56e1837
Could it be an issue with udev or libusb? I noticed this line: usb:04e6/5816:libudev:0:/dev/bus/usb/001/014 -- was looking through some other issue output it had something like :libusb-1.0: instead of :libudev:
from opensc.
dengert
commented on June 19, 2024
A few things:
OPENSC_DEBUG=9 pkcs11-tool --module /usr/lib/pkcs11-spy.so --login --pin -k --id 01 --key-type EC:prime256v1
Was there a pin on the above command line?
In the OpenSC log it looks like 000000 which was accepted. 00 20 00 81 06 30 30 30 30 30 30
Do you need to use the PKCS11 CKU_SO (Security Officer) pin to generate the key?
If so, add --pin-type so and set --pin tot the SO pin.
Or don't add --pin and respond to the pin prompt.
In opensc log:
P:28170; T:0x140194287458432 17:07:52.372 [opensc-pkcs11] card-sc-hsm.c:1688:sc_hsm_generate_keypair: called
...
P:28170; T:0x140194287458432 17:07:52.372 [opensc-pkcs11] reader-pcsc.c:326:pcsc_transmit:
Outgoing APDU (265 bytes):
...
P:28170; T:0x140194287458432 17:07: [opensc-pkcs11] reader-pcsc.c:244:pcsc_internal_transmit: called
P:28170; T:0x140194287458432 17:07:54.063 [opensc-pkcs11] reader-pcsc.c:273:pcsc_internal_transmit: Identiv uTrust 3512 SAM slot Token [CCID Interface] (55512030608814) 00 00:SCardTransmit/Control failed: 0x80100016
The time from start of card to generate the key until failed was 1.691 seconds. Failure w 0x80100016 https://pcsclite.apdu.fr/api/group__ErrorCodes.html#gab02a33c2ef61f12a851dfe85c575d7cc
PCSC log shows:
00000003 winscard.c:1591:SCardTransmit() Send Protocol: T=1
00000025 APDU: 00 46 01 00 00 01 00 5F 29 01 00 42 09 55 54 43 41 30 30 30 30 31 7F 49 81 DA 06 0A 04 00 7F 00 07 02 02 02 02 03 81 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FF 82 20 FF FF FF FF 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 FF FF FF FF FF FF FF FF FF FF FF FC 83 20 5A C6 35 D8 AA 3A 93 E7 B3 EB BD 55 76 98 86 BC 65 1D 06 B0 CC 53 B0 F6 3B CE 3C 3E 27 D2 60 4B 84 41 04 6B 17 D1 F2 E1 2C 42 47 F8 BC E6 E5 63 A4 40 F2 77 03 7D 81 2D EB 33 A0 F4 A1 39 45 D8 98 C2 96 4F E3 42 E2 FE 1A 7F 9B 8E E7 EB 4A 7C 0F 9E 16 2B CE 33 57 6B 31 5E CE CB B6 40 68 37 BF 51 F5 85 20 FF FF FF FF 00 00 00 00 FF FF FF FF FF FF FF FF BC E6 FA AD A7 17 9E 84 F3 B9 CA C2 FC 63 25 51 87 01 01 5F 20 10 44 45 43 43 30 39 30 30 31 35 34 30 30 30 30 31 00 00
00000004 ifdhandler.c:1408:IFDHTransmitToICC() usb:04e6/5816:libudev:0:/dev/bus/usb/001/014 (lun: 0)
01690931 commands.c:1572:CCID_Receive Card absent or mute
00000014 openct/proto-t1.c:212:t1_transceive() fatal: transmit/receive failed
00000007 SW:
00000003 ifdwrapper.c:543:IFDTransmit() Card not transacted: 612
00000002 winscard.c:1616:SCardTransmit() Card not transacted: rv=SCARD_E_NOT_TRANSACTED
00000002 winscard.c:1644:SCardTransmit() UnrefReader() count was: 2
00000003 winscard_svc.c:695:ContextThread() TRANSMIT for client 13, rv=SCARD_E_NOT_TRANSACTED
So this could be a timing problem with USB or some problem on the token.
from opensc.
senortestamarck
commented on June 19, 2024
Thanks for your reply. Yes you are correct about the pin. I've also tried with the --so-pin option and it results in a not logged in error:
Linux96(root)> pkcs11-tool --module /usr/lib/pkcs11-spy.so --login --login-type so --so-pin 0000000000000000 -k --id 01 --key-type EC:prime256v1
Using slot 0 with a present token (0x0)
error: PKCS11 function C_GenerateKeyPair failed: rv = CKR_USER_NOT_LOGGED_IN (0x101)
Aborting.
Linux96(root)> pkcs11-tool --login --login-type so --so-pin 0000000000000000 -O
Using slot 0 with a present token (0x0)
Profile object 22486208
profile_id: CKP_PUBLIC_CERTIFICATES_TOKEN (4)
from opensc.
senortestamarck
commented on June 19, 2024
Switched the card to another USB bus, and key commands are now working. Closing the issue.
from opensc.
Related Issues (20)
- Error: Could not add card "/usr/local/lib/opensc-pkcs11-local.so": agent refused operation HOT 2
- New epass2003 token fails to initialize with error `Failed to create PKCS #15 meta structure: Card command failed` HOT 23
- Update Links in README.md before making a release HOT 2
- Building eOI (Slovenian eID) on ubuntu 22.04 HOT 12
- Compiling on Windows ignores CNGSDK_INCL_DIR and CPDK_INCL_DIR env. variables values HOT 2
- Problems with test scripts HOT 9
- Reselection of DF after failure in `sc_pkcs15_decipher` function HOT 5
- PIN change fails with CKR_PIN_LEN_RANGE because current PIN is too long HOT 10
- RFE: tools add --module-init arg for non-standard NSS softokn configDir HOT 5
- ActivIdentity Activkey_Sim 00 00 HOT 3
- CI: Check if refresh in documentation is needed
- doc: Python wrapper HOT 6
- pkcs11-tool: return value is 0 when signature verification fails HOT 3
- PKCS15 framework influence PKCS11 interface HOT 3
- docbook-utf8.xsl missing from release archive HOT 1
- Probable Reasons For CKR_GENERAL_ERROR From C_Login HOT 4
- SC-HSM: Support for storing of ECDSA keys HOT 3
- C_FindObjects does not find keys generated by C_GenerateKeyPair without reinserting HOT 3
- In pkcs11-tool CKA_DERIVE is not set for write-object and keygen HOT 2
- pkcs15-crypt signing fails on release 0.25.0 w/ a YubiKey-bound RSA key HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from opensc.